computer-playbook/roles/web-app-wordpress/tasks/plugins/daggerhart-openid-connect-generic.yml

- name: "Load OIDC settings variables"
  include_vars:
    file: "{{ role_path }}/vars/oidc.yml"
    name: oidc_vars

- name: "Ensure the OIDC settings option exists as a PHP-serialized empty array"
  # Generate an empty serialized array in the container, then add or update the option
  command: >
    docker-compose exec -u www-data -T application bash -lc
    "serialized_empty_array=$(wp eval 'echo serialize(array());' --path={{ WORDPRESS_DOCKER_HTML_PATH }}); \
     wp option add openid_connect_generic_settings \"$serialized_empty_array\" --path={{ WORDPRESS_DOCKER_HTML_PATH }} \
     || wp option update openid_connect_generic_settings \"$serialized_empty_array\" --path={{ WORDPRESS_DOCKER_HTML_PATH }};"
  args:
    chdir: "{{ docker_compose.directories.instance }}"
  failed_when: false

- name: "Apply all OIDC settings via WP-CLI eval (safe via base64)"
  # Convert the settings map to base64-encoded JSON to avoid shell escaping issues
  vars:
    oidc_settings_json_b64: "{{ oidc_vars.oidc_settings | to_json | b64encode }}"
  command: >
    docker-compose exec -u www-data -T application bash -lc
      "wp eval \"update_option('openid_connect_generic_settings', json_decode(base64_decode('{{ oidc_settings_json_b64 }}'), true));\" --path={{ WORDPRESS_DOCKER_HTML_PATH }}"
  args:
    chdir: "{{ docker_compose.directories.instance }}"